libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_virtualization | Redhat | 2.2 (including) | 2.2 (including) |
| Qspice | Redhat | 0.3.0 (including) | 0.3.0 (including) |
| Red Hat Enterprise Linux 5 | RedHat | qspice-0:0.3.0-54.el5_5.2 | * |
| Red Hat Enterprise Virtualization for RHEL-5 | RedHat | rhev-hypervisor-0:5.5-2.2.6.1.el5_5rhev2_2 | * |